Is it possible to have a 100% secure organisation?

In today's advanced cyber threat landscape, protecting an organisation is an increasingly difficult and laborious task.

Shadow Brokers, Cloudbleed, WannaCry and then Petya. It’s been enough to make even the most unflappable executive wake up in the middle of the night in a cold sweat. This year has seen a proliferation of devastating cyberattacks. Security has rocketed to the top of the Boardroom agenda.

How then do you make your organisation completely secure against cyber attacks?


No organisation can be totally secure, but you can mitigate the risk of such attacks being successful. In a layered approach to security, each defence covers the gaps in the others’ protective capabilities. Firewalls, intrusion detection systems, malware scanners, integrity auditing procedures, local storage encryption tools and social engineering training can each help.

An easy mistake is to invest in sophisticated software but fail to address the vulnerability of your employees. Social engineering is the manipulation of people through psychological or non-technical means in order to gain access to finance, data or information, or even physical access to premises or goods.

According to ‘People Hacker’ expert, Jenny Radcliffe: “We are all at risk from malicious social engineers who would manipulate anyone they can to achieve their goals. However, company staff are especially vulnerable as they provide a good route to accessing an organisation’s information.”

Gradually the hacker gains the trust of the target and then uses that trust to get access to sensitive information such as passwords or bank account details. It’s basically a type of confidence trick for the sake of information gathering, fraud or systems access.


At the heart of mitigating this threat is education. There is a raft of free materials online that provide a good grounding in how to combat it. Events such as IP EXPO and training courses can also be considered to educate staff, spread awareness and help protect employees of all levels from people-based hacks.

The good news is that firms are investing more in security than ever before. But let’s hope this spend is focussed as much on educating staff as it is on security software and systems.

 


Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...